FreeBSD Bugzilla – Attachment 254927 Details for Bug 282536: devel/libqb: update 2.0.6 → 2.0.8, fix CVE-2023-39976
[PATCH] devel/libqb: update 2.0.6 → 2.0.8, fix CVE-2023-39976
0001-devel-libqb-update-2.0.6-2.0.8-fix-CVE-2023-39976.patch (text/plain), 5.55 KB, created by Älven on 2024-11-04 12:48:17 UTC
>From 689d308b8a4f97ab783bfe83fbc12874c899f8b5 Mon Sep 17 00:00:00 2001 >From: Älven <alster@vinterdalen.se> >Date: Mon, 4 Nov 2024 16:38:54 +0400 >Subject: [PATCH] devel/libqb: update 2.0.6 → 2.0.8, fix CVE-2023-39976 >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >https://nvd.nist.gov/vuln/detail/CVE-2023-39976 >--- > devel/libqb/Makefile | 22 +++++++++++----------- > devel/libqb/distinfo | 6 +++--- > devel/libqb/files/patch-configure | 11 ----------- > devel/libqb/pkg-descr | 10 +++++++--- > devel/libqb/pkg-plist | 2 +- > security/vuxml/vuln/2024.xml | 27 +++++++++++++++++++++++++++ > 6 files changed, 49 insertions(+), 29 deletions(-) > delete mode 100644 devel/libqb/files/patch-configure > >diff --git a/devel/libqb/Makefile b/devel/libqb/Makefile >index d2e535ee287f..f55e2bef199d 100644 >--- a/devel/libqb/Makefile >+++ b/devel/libqb/Makefile 
>@@ -1,44 +1,44 @@ > PORTNAME= libqb >-DISTVERSION= 2.0.6 >-PORTREVISION= 1 >+DISTVERSION= 2.0.8 > CATEGORIES= devel > MASTER_SITES= https://github.com/ClusterLabs/${PORTNAME}/releases/download/v${DISTVERSION}/ > > MAINTAINER= ports@FreeBSD.org > COMMENT= High performance logging, tracing, ipc, and polling library >-WWW= https://github.com/ClusterLabs/libqb/wiki >+WWW= https://github.com/ClusterLabs/libqb/wiki/ > > LICENSE= LGPL21 > LICENSE_FILE= ${WRKSRC}/COPYING > > TEST_DEPENDS= checkmk:devel/check > >-GROUPS= haclient >- >-QB_SOCKET_DIR?= /var/run/qb >-PLIST_SUB+= QB_SOCKET_DIR=${QB_SOCKET_DIR} >- > USES= cpe gmake gnome libtool pkgconfig python tar:xz > CPE_VENDOR= clusterlabs >-GNU_CONFIGURE= yes >-GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share > USE_GNOME= libxml2 > USE_LDCONFIG= yes > >+GNU_CONFIGURE= yes > CONFIGURE_ARGS= --with-socket-dir=${QB_SOCKET_DIR} \ > PACKAGE_STRING="${PORTNAME} ${DISTVERSION}" \ > PACKAGE_VERSION=${DISTVERSION} >-LDFLAGS= -B${LOCALBASE}/bin > > INSTALL_TARGET= install-strip > TEST_TARGET= check > >+LDFLAGS+= -B${LOCALBASE}/bin >+ >+GROUPS= haclient >+ >+PLIST_SUB+= QB_SOCKET_DIR=${QB_SOCKET_DIR} >+ > OPTIONS_DEFINE= DOCS DOXYGEN > OPTIONS_SUB= yes > > DOXYGEN_IMPLIES= DOCS > DOXYGEN_BUILD_DEPENDS= doxygen:devel/doxygen > >+QB_SOCKET_DIR?= /var/run/qb >+ > post-configure: > ${REINPLACE_CMD} -e 's/install: install-am/install:/g' ${WRKSRC}/doxygen2man/Makefile > >diff --git a/devel/libqb/distinfo b/devel/libqb/distinfo >index 7bd200ba9a47..3eee56e1455c 100644 >--- a/devel/libqb/distinfo >+++ b/devel/libqb/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1678190523 >-SHA256 (libqb-2.0.6.tar.xz) = f1e744208e8f69934804c14e05d9707668f99d4867de9cccf2f7a6bf4d48331c >-SIZE (libqb-2.0.6.tar.xz) = 507400 >+TIMESTAMP = 1730659822 >+SHA256 (libqb-2.0.8.tar.xz) = b42531fc20b8ac02f4c6d0a4dc49f7c4a1eef09bdb13af5f6927b7fc49522ee6 >+SIZE (libqb-2.0.8.tar.xz) = 521600 
>diff --git a/devel/libqb/files/patch-configure b/devel/libqb/files/patch-configure >deleted file mode 100644 >index 8816040ff33d..000000000000 >--- a/devel/libqb/files/patch-configure >+++ /dev/null >@@ -1,11 +0,0 @@ >---- configure.orig 2022-01-19 20:58:44 UTC >-+++ configure >-@@ -21201,7 +21201,7 @@ done >- >- CFLAGS="$CFLAGS $PTHREAD_CFLAGS" >- LIBS="$LIBS $PTHREAD_LIBS" >--for ac_func in pthread_spin_lock pthread_setschedparam \ >-+for ac_func in pthread_setschedparam \ >- pthread_mutexattr_setpshared \ >- pthread_condattr_setpshared \ >- sem_timedwait semtimedop >diff --git a/devel/libqb/pkg-descr b/devel/libqb/pkg-descr >index eae12e7f97d0..1dc4c10e98cb 100644 >--- a/devel/libqb/pkg-descr >+++ b/devel/libqb/pkg-descr >@@ -1,3 +1,7 @@ >-libqb is a library with the primary purpose of providing high performance >-client server reusable features. It provides high performance logging, tracing, >-ipc, and poll. >+libqb is a library with the primary purpose of providing high-performance, >+reusable features for client-server architecture, such as logging, tracing, >+inter-process communication (IPC), and polling. >+ >+libqb is not intended to be an all-encompassing library, but instead provide >+focused APIs that are highly tuned for maximum performance for client-server >+applications. >diff --git a/devel/libqb/pkg-plist b/devel/libqb/pkg-plist >index 23cc32463e0b..d3d72c2f33ba 100644 >--- a/devel/libqb/pkg-plist >+++ b/devel/libqb/pkg-plist >@@ -15,7 +15,7 @@ include/qb/qbutil.h > lib/libqb.a > lib/libqb.so > lib/libqb.so.100 >-lib/libqb.so.100.3.0 >+lib/libqb.so.100.3.2 > libdata/pkgconfig/libqb.pc > sbin/qb-blackbox > %%PORTDOCS%%%%DOCSDIR%%/COPYING >diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml >index a429279ea8d2..8d6ab366760f 100644 >--- a/security/vuxml/vuln/2024.xml >+++ b/security/vuxml/vuln/2024.xml 
>@@ -1,3 +1,30 @@ >+ <vuln vid="ecf9a798-9aa9-11ef-a8f0-a8a15998b5cb"> >+ <topic>libqb -- Buffer overflow</topic> >+ <affects> >+ <package> >+ <name>libqb</name> >+ <range><lt>2.0.8</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>cve@mitre.org reports:</p> >+ <blockquote cite="https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8"> >+ <p>log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via >+ long log messages because the header size is not considered.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-39976</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-39976</url> >+ </references> >+ <dates> >+ <discovery>2023-08-08</discovery> >+ <entry>2024-11-04</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="e17384ef-c5e8-4b5d-bb62-c13405e7f1f7"> > <topic>chromium -- multiple security fixes</topic> > <affects> >-- >2.47.0 >
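Review bot: In devel/libqb/Makefile, the removal of `GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share` is the one line in this otherwise cosmetic reordering that can change where files are installed, and the pkg-plist hunk only touches the library version, so please confirm with `make check-plist` that the man pages still land where the plist expects. The reordering also places `CONFIGURE_ARGS= --with-socket-dir=${QB_SOCKET_DIR}` above the `QB_SOCKET_DIR?=` default; that works because make expands the variable lazily, but the change would be easier to review if the reshuffle were a separate commit from the DISTVERSION bump that carries the CVE fix.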
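Review bot: In devel/libqb/distinfo, the new SHA256 and SIZE are the only integrity check on a tarball fetched from the GitHub release URL in MASTER_SITES, and neither the patch nor its message says how they were obtained. Please state that they come from `make makesum` run against the upstream v2.0.8 release asset and, if upstream publishes a checksum for it, that the two match.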
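Review bot: The deletion of devel/libqb/files/patch-configure is not explained. That local patch removed `pthread_spin_lock` from the `for ac_func in ...` probe list, so without it configure will test for the function again and the build may start using it. The commit message only carries the NVD link; please say why the workaround is no longer needed with 2.0.8 and confirm that `make test` (the port sets TEST_TARGET= check) passes on the supported releases.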
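Review bot: In the security/vuxml/vuln/2024.xml entry, the `<blockquote cite=...>` points at the upstream GitHub commit while the quoted text is the CVE description attributed to cve@mitre.org. The cite should be the page the text was taken from (the NVD URL already listed under `<references>`), and the commit URL fits better as an additional `<url>` in `<references>`. The `<lt>2.0.8</lt>` range agrees with the quoted "before 2.0.8". Consider submitting the VuXML entry as its own change so it can be committed independently of the port update, and run `make validate` in security/vuxml before it goes in.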